formbook

General

Target

59ae2629ce8149b038cd46ad72a9e76de8678f8c0f284ff6182d642c05007939.exe
Size

1.1MB
Sample

241105-qk3yca1let
MD5

96d3854d251ef67abcd64dd77d8e8f96
SHA1

67287638bb52465804179d38f522dfe782cfaec9
SHA256

59ae2629ce8149b038cd46ad72a9e76de8678f8c0f284ff6182d642c05007939
SHA512

9ef435c8d176fc5b87c32309ca1d3a6500f7692ef47627898445f4918b78be5b6f5f5eb8ddf0141dce4cb57f381329261c84bf3a3d7df0f250a91810daeb8deb
SSDEEP

24576:ffmMv6Ckr7Mny5QLkwtPiDovnB/ZcObUP1:f3v+7/5QLkwcDovn70P1

Score

10^/10

Malware Config

Extracted

Family

formbook

Version

4.1

Campaign

ge07

Decoy

mail-marketing2-9946168.live

ouwmijnweb.net

verythingmars.online

rgqhcy.shop

unter-saaaa.buzz

ox.bio

arkside.top

ransportationmmsktpro.top

lue-ocean-bar.group

lympiccat.xyz

onstruction-jobs-49170.bond

andon-saaab.buzz

fdmw.sbs

48430091.top

yuyh.boats

kyt968.shop

pismedical.shop

ocialmediafactory.xyz

inussofa.shop

ision.fit

Targets

- Target
  
  59ae2629ce8149b038cd46ad72a9e76de8678f8c0f284ff6182d642c05007939.exe
- Size
  
  1.1MB
- MD5
  
  96d3854d251ef67abcd64dd77d8e8f96
- SHA1
  
  67287638bb52465804179d38f522dfe782cfaec9
- SHA256
  
  59ae2629ce8149b038cd46ad72a9e76de8678f8c0f284ff6182d642c05007939
- SHA512
  
  9ef435c8d176fc5b87c32309ca1d3a6500f7692ef47627898445f4918b78be5b6f5f5eb8ddf0141dce4cb57f381329261c84bf3a3d7df0f250a91810daeb8deb
- SSDEEP
  
  24576:ffmMv6Ckr7Mny5QLkwtPiDovnB/ZcObUP1:f3v+7/5QLkwcDovn70P1
Score

10^/10

formbook ge07 discovery rat spyware stealer trojan
- Formbook
  Formbook is a data stealing malware which is capable of stealing data.
  trojan spyware stealer formbook
- Formbook family
  formbook
- Formbook payload
  rat
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1

T1082

System Location Discovery

1

T1614

System Language Discovery

1

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

Sharing

General

Malware Config

Extracted

Targets

Formbook family

Formbook payload

Suspicious use of SetThreadContext

MITRE ATT&CK Enterprise v15

Tasks

static1

behavioral1

behavioral2